[Vol-users] Plugin ethscan problem

Thomas linux at linux4n6.ws
Wed Jan 1 05:34:36 CST 2014


Hi,

Happy New Year! :)

I tried to explore the contest plugin ethscan (latest release) on a few 
different memory samples containing Mac OSX and Linux OS without success. Each 
time I got an error message like:

ERROR   : volatility.commands : This command does not support the profile 
MacMountainLion_10_8_3_AMDx64

I'm using the correct OS profile, downloaded from the Volatility site 
(MacProfilesAll.zip) and https://github.com/KDPryor/LinuxVolProfiles.
Other Volatility commands like mac_dmesg or linux_netstat does work correctly, 
so the Profile should really match.

Volatility: current SVN revision 3573.

Memory samples from:

Mac OSX 10.8.3 x64 from Volatility download page

OSX 10.7.5 (not 10.7.3) from osxreverser, found on Twitter:
https://twitter.com/osxreverser/status/344521006288891905

Ubuntu 10.04
http://files.sempersecurus.org/dumps/memory/pexit.zip
found on this interesting blog:
http://sempersecurus.blogspot.de/2013/12/a-forensic-overview-of-linux-
perlbot.html

ethscan does work correctly when using different Windows dumps.

How can I fix this problem and get ethscan work also on OSX and Linux dumps?

Thanks!
Thomas


More information about the Vol-users mailing list